“Businesses must reassess changes made to licences and contracts in March – both from an operational perspective but also, crucially, from a compliance perspective.”
SoftwareONE‘s Antony Attfield warns that vendors won’t retain post-COVID licensing flexibility for ever. What should businesses preparing for software audits look out for? (And what might IT leaders have overlooked?)
When COVID-19 turned the business world on its head, many companies had to scramble to support remote working almost overnight. This ‘mad dash’ has shone a spotlight on an often-overlooked aspect of IT – Software Asset Management, or SAM. By helping businesses to assess what’s critical to keeping the lights on, and what is not, SAM plays a crucial role in how businesses manage costs and predict what their software needs will be; this is especially important when we consider the longer term trend now emerging towards permanent remote working. With this in mind, it’s no surprise we’re seeing a turning point in how CIOs appreciate its value.
Many businesses will have already looked at SAM from a cost-cutting perspective since March, from downscaling non-essential software, to upscaling others – such as Zoom and Microsoft Teams – or moving to more flexible contracts with software vendors. However, it’s not just cost that businesses should be thinking about but compliance as well. While it’s understandable that the question of compliance may have taken a backseat initially, COVID-19 won’t remain a valid excuse for long. Audits will be going ahead next year, and businesses need to be ready for them. As such, far from viewing SAM as done and dusted, organisations must be continuously assessing their software and licences and checking they are compliant with the agreement T&Cs.
The new working normal
Lockdown in the UK is beginning to ease, and it seems likely that offices may begin to reopen in the coming months – with returning to the office expected to be voluntary in most businesses for some time. This raises several things for businesses to consider. Firstly, the re-opening of offices is likely to be phased, with only some employees making the return at first, or being organised into alternating groups on different days. At the same time, many employees will probably opt to continue to work from home – thereby simultaneously making remote working a more permanent fixture of working life. This will lead to the creation of hybrid workforces that are split between off and on-premise, and supporting both will require a combination of software and licenses.
In light of this, businesses must reassess changes made to licences and contracts in March – both from an operational perspective but also, crucially, from a compliance perspective. We cannot forget that the lockdown has been hard on everyone and vendors are not exempt; whilst they have been lenient for the past three months, it is understandable that COVID-19 cannot continue to be a reason to overlook non-compliance. So, what should businesses be thinking about?
Striking a balance
Businesses must look at what they cancelled or altered in March to accommodate a temporary remote workforce and cut costs during lockdown. For instance, many organisations may have scaled down or entirely cancelled their on-premise software when lockdown began, such as on-premise ERP solutions. However, if workers begin to return to the office and use this software without the proper licensing, businesses risk non-compliance. Organisations should reassess what on-premise software will need to be scaled up again – if only to support a partial workforce – and could also implement monitoring solutions for checking if demand for this software changes over the coming months.
Additionally, once offices reopen, some businesses may begin looking at scaling down any additional servers or cloud infrastructure purchased during lockdown to support remote workers. However, with remote working likely to continue, it’s key that businesses do not strip away too much of newly purchased cloud infrastructure, even to help cut costs. Instead, it will be vital for businesses to ensure they maintain a balance of the appropriate licences for both off and on-premise to support a hybrid workforce whilst remaining compliant.
Covering the bases
Businesses must also use this time to ensure that they did not miss anything that could leave them non-compliant when they first enabled remote workers. For instance, whilst most organisations know they are responsible for software licensing on company-owned devices, they may not realise this responsibility can extend to personal devices used to access work. In fact, Microsoft Office has a restriction on individuals using their own copies of the software suite for work, saying that, “the service/software may not be used for commercial, non-profit or revenue generating activities”. As such, businesses must either provide the devices and the software or obtain a new licence incorporating BYOD.
Another way for businesses to prepare themselves for audits next year is to carry out internal audits proactively. Businesses should then also ensure that progress is being communicated effectively throughout the organisation. Gartner found that just four percent of audit and risk leaders were prioritising updating the board on progress during this time, but by making SAM a board-level issue and treating it as a partner working alongside the business, organisations can further maximise its value. By proactively identifying licensing compliance risk, the business can budget for additional spend, apply recommended changes to reduce risk and be fully equipped for discussions with software publishers during this transitional period.
The next twelve months are set to be a time of great change for organisations, but even amid this upheaval, software audits are an inevitability. Visibility into the software estate, what is being used and by who, and how many licences there are, is crucial. To avoid being caught out by audits, businesses must assess their licensing position both now and continuously, treating SAM as a living breathing thing, not a tick-box exercise.